Daniel Von Fange

@danielvf

Skilled Professional (most days). Defends against the bad guys.

East Coast

Joined September 2006

1KFollowing

12KFollowers

Pinned

Daniel Von Fange@danielvf · Jul 2

The most basic bug finding skill is splitting up the code into every possible execution path, and then checking each one. Bonus: Each code universes created by splitting if's is simpler and easier to check than the original

danielvf's tweet image. The most basic bug finding skill is splitting up the code into every possible execution path, and then checking each one.

Bonus: Each code universes created by splitting if's is simpler and easier to check than the original

161

101

11.0K

Daniel Von Fange@danielvf · Jul 22

Having been on the receiving end of a bug bounty program and audits, this is easy: Severity: High - Permanent freezing of funds. ETH sent to the contract via self-destruct calls cannot be withdrawn from the contract and is cannot be recovered.

danielvf's tweet image. Having been on the receiving end of a bug bounty program and audits, this is easy:

Severity: High - Permanent freezing of funds.

ETH sent to the contract via self-destruct calls cannot be withdrawn from the contract and is cannot be recovered.

150

9.0K

Daniel Von Fange@danielvf · Jul 21

"You can always make things worse in an emergency" - Hoot's law It's always important to move at the right speed during a DeFi incident response. Everybody is willing to pull big levers, and you need to make sure you don't error.

danielvf's tweet image. "You can always make things worse in an emergency" - Hoot's law

It's always important to move at the right speed during a DeFi incident response. Everybody is willing to pull big levers, and you need to make sure you don't error.

959

Daniel Von Fange@danielvf · Jul 17

The number of bugs found in your code is a good indicator of the number of bugs left in your code. More auditors should say this when its true:

danielvf's tweet image. The number of bugs found in your code is a good indicator of the number of bugs left in your code.

More auditors should say this when its true:

149

9.0K

Daniel Von Fange@danielvf · Jul 17

A flash loan is just a funding mechanism, and we don't have a vulnerability category for "Binance attack". Nor do we call a bank robbery that bought a mask with a credit card a "Visa attack vulnerability".

YYi@SuplabsYi · Jul 16

when will we learn that the term “flash loan attack” is incorrect?

5.0K

Daniel Von Fange@danielvf · Jul 10

There's a surprising number of ludicrously bad blackhats. You don't hear about them because they rarely hack stuff, but if you watch everything sus on a blockchain for a month, they make up the majority of the action.

AAV_@_avoloder · Jul 10

Are there any non-capable blackhats? 😄 I guess if the only metric is your intention to hack and not return the funds, then maybe. Are you even a blackhat if you haven't successfully hacked something? 😅

3.0K

Daniel Von Fange@danielvf · Jun 18

No context chart

2.0K

Daniel Von Fange@danielvf · Jun 9

One of the positive effects of crypto currency: Whenever a world leader gets their twitter hacked, instead of trying starting a war, hackers just try to get people to send them money. Much lower overall cost for civilization.

danielvf's tweet image. One of the positive effects of crypto currency: Whenever a world leader gets their twitter hacked, instead of trying starting a war, hackers just try to get people to send them money. Much lower overall cost for civilization.

1.0K